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This listing of claims replaces all prior versions and listings; 
Listing of Claims: 

1. (Currently Amended) A method of enabling a proxy client in a secured 
network to access a target service on behalf of a user, comprising the steps of; 

registering proxy authorization information regarding the user with a trusted 
security server, the proxy authorization information identifying the proxy client and 
an extent of proxy authorization granted th e proxy client bv the user, the ext e nt of 
proxy authorization compri s ing a restriction on a rongo of target services that the 
proxy client may access on behalf of the user ; 

submitting, by the proxy client, a proxy request to the trusted security server 
requesting access to the target service on behalf of the user; 

comparing, by the trusted security server, the proxy request with the registered 
proxy authorization information of the user to determine whether to grant the proxy 
request; 

issuing, by the trusted security service, a data structure containing 
authentication data recognizable by the target service for authenticating the proxy 
client for accessing the target service on behalf of the user, if it is determined to grant 
the proxy request . 
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2. (Original) A method as in claim 1, wherein the data structure is a ticket 
containing a session key for use in a session formed between the proxy client and the 
target service. 

3. (Currently Amended) A method as in claim-4^2, wherein the ticket is 
encrypted with a secret key shared by the target service and the trusted security 
server. 

4. (Original) A method as in claim 1, wherein the step of comparing 
determines whether a proxy duration specified by the proxy authorization information 
has expired. 

5. (Original) A method as in claim 1, wherein the step of submitting the 
request includes transmitting a ticket for authenticating the proxy client to the trusted 
security server. 

6. (Currently Amended) A computer-readable medium having computer- 
executable instruction for a trusted security server to perform the steps: 

storing proxy authorization information from a user for authorizing a proxy 
client to act as a proxy of the use r, the proxy authorization information identifying an 
extent of proxy authorization granted the proxy client bv the user : 
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receiving a proxy request from the proxy client to access a target service on 
behalf of the user, 

determining, based on the stored p roxy authorization information of the user, 
whether to grant the proxy request; 

constructing a data structure containing authentication data recognizable by the 
target service for authenticating the proxy client for accessing the target service on 
behalf of the use r, if it is determined to grant the proxy request . 

7. (Original) A computer-readable medium as in claim 6, having further 
computer-executable instruction for performing the step of authenticating the user 
based on a password of the user before storing the proxy authorization information. 

8, (Original) A computer-readable medium as in claim 6, wherein the step of 
receiving the proxy request includes authenticating the proxy client based on a ticket 
issued to the proxy client for communicating with the trusted security server. 

9* (Original) A computer-readable medium as in claim 6, having further 
computer-executable instruction for performing the step of sending the data structure 
to the proxy client for presenting to the target service the authentication of the proxy 
client 
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10. (Original) A computer-readable medium as in claim 6, wherein the data 
structure is encrypted with a key shared by the target service and the trusted security 
server. 

11-17. (Canceled). 

18. (New) A method as in claim 1, wherein the extent of proxy authorization 
comprises a restriction on a range of target services that the proxy client may access 
on behalf of the user. 

19. (New) A method as in claim 1 7 further comprising accessing, by the proxy 
client, the target service, the accessing being in a batch mode without user 
intervention. 

20. (New) A computer-readable medium having computer-executable 
instructions for performing steps: 

receiving a proxy request from a first user to access a target service, wherein 
access to the target service is restricted to a set of one or more users that excludes the 
first user and includes a second user; 

comparing the proxy request with a plurality of proxy authorizations 
maintained in the first data structure to determine whether to grant the proxy request, 
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wherein each proxy authorization identifies a user granting proxy authorization, a user 
receiving proxy authorization and an extent of proxy authorization; and 

issuing a second data structure containing data recognizable by the target 
service for authenticating the first user to access the target service as a proxy of the 
second user, if the proxy request is granted. 

21. (New) A computer-readable medium as in claim 20, wherein the extent of 
proxy authorization comprises a restriction on a range of target services that the proxy 
client may access on behalf of the user* 

22. (New) A computer-readable medium as in claim 20, wherein the extent of 
proxy authorization comprises a restriction on a duration that the first client can act as 
a proxy of the second user. 

23. (New) A computer-readable medium as in claim 20, wherein the second 
data structure is a ticket containing a key for use in a session formed between the first 
client and the target service. 

24. (New) A computer-readable medium as in claim 20, further comprising 
authenticating the first client based on a ticket issued to the first client for 
communicating the proxy request. 
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25. (New) A computer-readable medium as in claim 20, further comprising: 
receiving proxy authorization information regarding a given user; and 
storing proxy authorization information regarding the given user in the first 

data structure. 

26. (New) A computer-readable medium as in claim 25, wherein; 

the proxy authorization information regarding the given user is received from 
the given user; and 

the identity of the given user is authenticated, 

27. (New) A computer-readable medium as in claim 25, wherein: 

the proxy authorization information regarding the given user is received from 
an administrator; and 

the identity of the administrator is authenticated. 
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